I think I have a virus...found some weird programs [Solved]


#1
crayolaplaydoh

crayolaplaydoh

    Member

  • Member
  • PipPip
  • 33 posts

Hi! I found a few weird programs installed that I didn't remember installing. Some programs were: save netu, SW-Booster, SNT.

Also, every time I open Chrome, it opens to websearch.amaizing. I can't get rid of it. It used to be conduit, which I couldn't get rid of either. I'm just curious if I've acquired something undesirable...

Here is my OTL log:

OTL logfile created on: 4/16/2014 9:06:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicolr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 29.71% Memory free
7.77 Gb Paging File | 3.87 Gb Available in Paging File | 49.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.00 Gb Total Space | 197.50 Gb Free Space | 70.28% Space Free | Partition Type: NTFS
Drive Q: | 15.62 Gb Total Space | 6.19 Gb Free Space | 39.58% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE | User Name: Nicolr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 08:07:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolr\Downloads\OTL.exe
PRC - [2014/04/11 06:25:07 | 006,087,224 | ---- | M] (Spotify Ltd) -- C:\Users\Nicolr\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/04/11 06:24:59 | 001,171,000 | ---- | M] (Spotify Ltd) -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/04/11 06:24:56 | 000,602,680 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/04/01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/26 14:21:11 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/20 13:40:15 | 002,544,664 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/03/20 13:40:15 | 001,771,032 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
PRC - [2014/03/20 13:40:14 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
PRC - [2014/03/14 00:23:22 | 000,064,384 | ---- | M] (Google) -- C:\Users\Nicolr\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/02/26 14:05:04 | 002,449,696 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/01 10:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/10/05 11:28:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Nicolr\AppData\Local\Apps\2.0\YDJ5LN1G.7N9\1GQZWY81.T8N\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2011/12/22 01:08:12 | 001,528,120 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
PRC - [2011/12/21 03:25:02 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2011/11/04 02:37:18 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/09/01 22:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2011/08/31 14:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/07/26 02:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 04:17:06 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/06/30 01:07:30 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/05/31 13:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/05/31 13:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/05/31 13:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/05/25 17:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/03/14 07:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/16 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/22 22:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2010/12/18 18:50:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/16 07:03:07 | 000,041,984 | ---- | M] () -- c:\users\nicolr\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ewnnl.dll
MOD - [2014/04/11 06:25:02 | 036,966,968 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/04/11 06:24:59 | 000,886,840 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\libglesv2.dll
MOD - [2014/04/11 06:24:59 | 000,108,600 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\libegl.dll
MOD - [2014/04/11 06:24:56 | 000,602,680 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/03/20 13:40:16 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
MOD - [2014/03/20 13:40:15 | 002,544,664 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/03/01 04:15:16 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/03/01 04:13:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/03/01 04:12:18 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/03/01 04:12:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/03/01 04:12:12 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/03/01 04:08:14 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/03/01 04:07:49 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/01 04:07:49 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/03/01 04:07:44 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/03/01 04:07:39 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/03/01 04:07:26 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/01 04:07:22 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/01 04:07:21 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/03/01 04:07:20 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/03/01 04:07:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/03/01 04:07:10 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/03/01 04:07:08 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/03/01 04:07:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/01 04:06:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2014/03/01 04:06:54 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/02 21:09:27 | 003,610,624 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 08:04:34 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/06 12:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 12:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/27 16:45:12 | 000,710,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/28 00:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 23:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/07/08 20:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011/05/31 13:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/05/31 13:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/02/01 01:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/01/13 17:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/18 18:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/16 19:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/20 13:40:15 | 001,771,032 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - [2014/02/26 14:05:04 | 002,449,696 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/01 22:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2011/08/31 14:03:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/08/31 14:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/08/31 14:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/07/26 02:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/06/30 01:07:30 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/03/14 07:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/01/16 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/16 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/22 22:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/20 13:40:16 | 000,049,952 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/13 00:25:46 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2012/07/13 00:05:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/13 00:05:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/31 14:03:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/08/31 14:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/08/17 21:00:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/17 21:00:36 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/03 20:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/08 20:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2011/05/25 20:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/05/19 08:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/04 21:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/02/09 01:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/01 01:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011/01/13 17:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 17:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/20 12:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/18 03:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 03:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 03:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 03:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 03:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 16:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.ama...&cc=US&unqvl=51
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.ama...&cc=US&unqvl=51
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://isearch.avg.com/?cid={EC42A [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.ama...&cc=US&unqvl=51
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{20F1AA9C-6BBA-443F-BE2F-F950BEB7CE68}: "URL" = http://websearch.ask...58-8CC95F9225EE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENP_enUS498
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={EC42AC3E-BD9F-4FE8-A7B2-22486253BF7A}&mid=8cc2307721c547d09535edde48f6d7d3-d90e2f45c0084809627134b55629ed05288ca7de&lang=en&ds=gm011&pr=sa&d=2012-08-26 16:41:14&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.ama...&cc=US&unqvl=51
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQRkIQOwg&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicolr\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicolr\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/07/13 00:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
 
 
========== Chrome  ==========
 
CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.ama...&cc=US&unqvl=51
CHR - default_search_provider: suggest_url = http://localhost,
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Add Tasks to Do It Tomorrow = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\184\
CHR - Extension: SNT = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdkodoaeocimcaenfoaomicbeiaiohh\2.1\
CHR - Extension: YoutubeAdblocker = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebeenmijmmahjbnjebolmghokhgmhij\1.0\
CHR - Extension: AdBlock = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: saave net = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knephmecmbfppebmacknjpclhhlkbame\5.14\
CHR - Extension: Google Wallet = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_4D5523C6FD6A31B0B8676336A9D4CF48] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Nicolr\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\Nicolr\AppData\Local\Apps\2.0\YDJ5LN1G.7N9\1GQZWY81.T8N\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O4 - Startup: C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.205.160.99 129.74.250.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38934B2B-5D49-4268-9A15-3EC55B716F90}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E1575-E65D-4060-AF0D-6656C7598758}: DhcpNameServer = 66.205.160.99 129.74.250.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6554F330-41F8-4174-8A7A-07197B6382ED}: DhcpNameServer = 172.168.12.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{507c90c6-cca0-11e1-8543-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{507c90c6-cca0-11e1-8543-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/15 07:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/04/15 07:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNT
[2014/04/15 07:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperbApp
[2014/04/15 07:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/04/15 07:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YoutubeAdblocker
[2014/04/15 07:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\saVE nnet
[2014/04/15 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\Packages
[2014/04/15 07:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\saVE nnet
[2014/04/15 07:26:31 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\Torch
[2014/04/15 07:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\43403b4d6ad3d26b
[2014/04/15 07:26:29 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\Comodo
[2014/04/15 07:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/03/30 16:41:08 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Roaming\DropboxMaster
[2014/03/27 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\Desktop\Winter 2013-14 Pictures Asia
[2014/03/27 05:50:36 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\{7CF1321E-5E73-463E-9004-5F72AF2838B5}
[2014/03/26 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\{A5486EAA-A390-4358-A67F-D8C47097F42B}
[2014/03/25 18:10:27 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\{348C867A-448E-4D75-9234-6C4811196B9C}
[2014/03/25 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2014/03/20 13:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/03/19 08:52:33 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Roaming\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/16 09:11:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3770062543-4082428275-1447757351-1000UA.job
[2014/04/16 08:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 08:13:37 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/16 08:13:37 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/16 08:13:37 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/16 07:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/16 07:09:36 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 07:09:36 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 07:03:27 | 000,003,098 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2014/04/16 07:02:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/16 07:01:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/16 07:01:28 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 14:32:40 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3770062543-4082428275-1447757351-1000Core.job
[2014/04/07 12:16:05 | 000,154,025 | ---- | M] () -- C:\Users\Nicolr\Desktop\Delta Receipt.pdf
[2014/04/07 12:15:42 | 000,146,321 | ---- | M] () -- C:\Users\Nicolr\Desktop\Holiday Inn Receipt.pdf
[2014/03/30 16:41:14 | 000,001,060 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/03/30 16:40:41 | 000,001,030 | ---- | M] () -- C:\Users\Nicolr\Desktop\Dropbox.lnk
[2014/03/28 03:03:11 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/26 12:23:52 | 016,892,655 | ---- | M] () -- C:\Users\Nicolr\Desktop\all star valiant.wmv
[2014/03/26 12:02:49 | 000,011,820 | ---- | M] () -- C:\Users\Nicolr\AppData\Local\recently-used.xbel
[2014/03/25 18:03:38 | 002,359,091 | ---- | M] () -- C:\Users\Nicolr\Documents\all star-smashmouth - smashmouth edit.mp3
[2014/03/25 15:00:17 | 000,010,817 | -HS- | M] () -- C:\Users\Nicolr\Documents\Folder.jpg
[2014/03/25 15:00:17 | 000,010,817 | -HS- | M] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Large.jpg
[2014/03/25 15:00:16 | 000,002,598 | -HS- | M] () -- C:\Users\Nicolr\Documents\AlbumArtSmall.jpg
[2014/03/25 15:00:16 | 000,002,598 | -HS- | M] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Small.jpg
[2014/03/24 06:04:09 | 001,366,798 | ---- | M] () -- C:\Users\Nicolr\Desktop\Scientific_AmericanSept2005.pdf
[2014/03/24 06:04:03 | 000,044,527 | ---- | M] () -- C:\Users\Nicolr\Desktop\Rethinking+Development+Assistance_David+Ellerman_World+Bank.pdf
[2014/03/24 06:03:59 | 001,252,407 | ---- | M] () -- C:\Users\Nicolr\Desktop\Planners+Versus+Searchers.PDF
[2014/03/24 06:03:55 | 000,212,563 | ---- | M] () -- C:\Users\Nicolr\Desktop\Income+is+Development.pdf
[2014/03/20 13:40:16 | 000,049,952 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/03/19 07:32:17 | 000,506,021 | ---- | M] () -- C:\Users\Nicolr\Desktop\2007SP_feature_martinosberg.pdf
[2014/03/19 07:32:13 | 000,538,146 | ---- | M] () -- C:\Users\Nicolr\Desktop\2008FA_feature_phills_deiglmeier_miller.pdf
[2014/03/19 07:32:10 | 000,909,432 | ---- | M] () -- C:\Users\Nicolr\Desktop\2010SP_FirstPerson_All_Entrepreneurship_is_Social.pdf
 
========== Files Created - No Company Name ==========
 
[2014/04/07 12:16:05 | 000,154,025 | ---- | C] () -- C:\Users\Nicolr\Desktop\Delta Receipt.pdf
[2014/04/07 12:15:42 | 000,146,321 | ---- | C] () -- C:\Users\Nicolr\Desktop\Holiday Inn Receipt.pdf
[2014/03/26 12:23:12 | 016,892,655 | ---- | C] () -- C:\Users\Nicolr\Desktop\all star valiant.wmv
[2014/03/26 12:02:49 | 000,011,820 | ---- | C] () -- C:\Users\Nicolr\AppData\Local\recently-used.xbel
[2014/03/25 15:00:43 | 000,010,817 | -HS- | C] () -- C:\Users\Nicolr\Documents\Folder.jpg
[2014/03/25 15:00:43 | 000,010,817 | -HS- | C] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Large.jpg
[2014/03/25 15:00:43 | 000,002,598 | -HS- | C] () -- C:\Users\Nicolr\Documents\AlbumArtSmall.jpg
[2014/03/25 15:00:43 | 000,002,598 | -HS- | C] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Small.jpg
[2014/03/25 14:59:45 | 002,359,091 | ---- | C] () -- C:\Users\Nicolr\Documents\all star-smashmouth - smashmouth edit.mp3
[2014/03/24 06:04:07 | 001,366,798 | ---- | C] () -- C:\Users\Nicolr\Desktop\Scientific_AmericanSept2005.pdf
[2014/03/24 06:04:01 | 000,044,527 | ---- | C] () -- C:\Users\Nicolr\Desktop\Rethinking+Development+Assistance_David+Ellerman_World+Bank.pdf
[2014/03/24 06:03:57 | 001,252,407 | ---- | C] () -- C:\Users\Nicolr\Desktop\Planners+Versus+Searchers.PDF
[2014/03/24 06:03:49 | 000,212,563 | ---- | C] () -- C:\Users\Nicolr\Desktop\Income+is+Development.pdf
[2014/03/19 07:32:17 | 000,506,021 | ---- | C] () -- C:\Users\Nicolr\Desktop\2007SP_feature_martinosberg.pdf
[2014/03/19 07:32:13 | 000,538,146 | ---- | C] () -- C:\Users\Nicolr\Desktop\2008FA_feature_phills_deiglmeier_miller.pdf
[2014/03/19 07:32:07 | 000,909,432 | ---- | C] () -- C:\Users\Nicolr\Desktop\2010SP_FirstPerson_All_Entrepreneurship_is_Social.pdf
[2013/02/07 04:05:48 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2013/02/07 04:05:48 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/10/10 20:32:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/20 03:36:24 | 000,004,096 | -H-- | C] () -- C:\Users\Nicolr\AppData\Local\keyfile3.drm
[2012/07/25 12:40:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/20 10:16:00 | 000,000,000 | ---- | C] () -- C:\Users\Nicolr\AppData\Local\{95984A11-5C56-4FDC-B40B-C5202741B8F3}
[2012/07/19 23:21:14 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/13 00:20:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/07/13 00:20:34 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/07/13 00:20:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/07/13 00:20:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/13 00:20:33 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/07/12 23:56:41 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/04 08:59:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Activeris
[2012/12/27 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Amazon
[2014/03/26 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Audacity
[2014/04/16 07:04:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Dropbox
[2014/03/30 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\DropboxMaster
[2014/03/04 07:39:30 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Free Picture Solutions
[2013/04/18 08:13:59 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\IBM
[2012/07/20 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Leadertech
[2012/08/28 08:12:05 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Lenovo
[2014/02/02 11:29:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\McGraw-HillLicensing
[2012/09/24 03:46:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\OpenOffice.org
[2013/10/13 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\OverDrive
[2014/03/04 07:36:42 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Paltalk
[2013/01/27 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Philipp Winterberg
[2012/07/20 10:16:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\PwrMgr
[2012/07/25 12:30:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\SoftGrid Client
[2014/04/16 08:55:52 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Spotify
[2013/02/19 08:12:03 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\SPSSInc
[2014/03/04 09:00:28 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Systweak
[2012/07/19 23:22:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\TP
[2012/08/29 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 161 bytes -> C:\Users\Nicolr\Documents\IMG_0037.JPG:com.dropbox.attributes
 
< End of report >
 
 
Thanks!
 



#2
Pyxis


    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.

#3
Pyxis


    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.


    • Copy and paste the following into the Custom Scans/Fixes box:
      :OTL
      SRV:64bit: - [2014/01/27 16:45:12 | 000,710,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
      SRV - [2014/03/20 13:40:15 | 001,771,032 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
      SRV - [2014/02/26 14:05:04 | 002,449,696 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
      DRV:64bit: - [2014/03/20 13:40:16 | 000,049,952 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.ama...&cc=US&unqvl=51
      IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
      IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.ama...&cc=US&unqvl=51
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://isearch.avg.com/?cid={EC42A [Binary data over 200 bytes]
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.ama...&cc=US&unqvl=51
      IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
      IE - HKCU\..\SearchScopes\{20F1AA9C-6BBA-443F-BE2F-F950BEB7CE68}: "URL" = http://websearch.ask...58-8CC95F9225EE
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENP_enUS498
      IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={EC42AC3E-BD9F-4FE8-A7B2-22486253BF7A}&mid=8cc2307721c547d09535edde48f6d7d3-d90e2f45c0084809627134b55629ed05288ca7de&lang=en&ds=gm011&pr=sa&d=2012-08-26 16:41:14&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
      IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.ama...&cc=US&unqvl=51
      IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQRkIQOwg&i=26
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll ()
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
      O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
      O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
      [2014/04/15 07:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
      [2014/04/15 07:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNT
      [2014/04/15 07:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperbApp
      [2014/04/15 07:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
      [2014/04/15 07:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YoutubeAdblocker
      [2014/04/15 07:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\saVE nnet
      [2014/04/15 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\Packages
      [2014/04/15 07:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\saVE nnet
      [2014/04/15 07:26:31 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\Torch
      [2014/04/15 07:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\43403b4d6ad3d26b
      [2014/03/27 05:50:36 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\{7CF1321E-5E73-463E-9004-5F72AF2838B5}
      [2014/03/26 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\{A5486EAA-A390-4358-A67F-D8C47097F42B}
      [2014/03/25 18:10:27 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\{348C867A-448E-4D75-9234-6C4811196B9C}
      [2014/03/20 13:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
      [2014/04/16 07:01:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
      @Alternate Data Stream - 161 bytes -> C:\Users\Nicolr\Documents\IMG_0037.JPG:com.dropbox.attributes
      
      :Files
      C:\Program Files\Level Quality Watcher
      C:\Program Files (x86)\Common Files\AVG Secure Search
      C:\Program Files (x86)\SearchProtect
      C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knephmecmbfppebmacknjpclhhlkbame
      C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebeenmijmmahjbnjebolmghokhgmhij
      C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdkodoaeocimcaenfoaomicbeiaiohh
      C:\Program Files (x86)\AVG Secure Search
      
      :Commands
      [emptytemp]
      [resethosts]
      
    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Your Google Chrome settings have been altered by malware. Please reset them by following 'this' guide.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 5

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 6

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

      [Screenshot of the OTL settings to use: Ed5W1.png]

    • Click Run Scan.
    • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • Extras.txt (OTL)
    • OTL.txt (OTL)
    • AdwCleaner[S*].txt (AdwCleaner)
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)

  • 0
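One way to triage the fix log that Step 1 asks for, as an added example that is not part of the original posts and not OTL's own code. The sample lines are constructed in the format of the log posted in this thread; the outcome labels, function names and the caller-supplied `exists` check are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll scheduled to be moved on reboot.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
C:\ProgramData\SNT folder moved successfully.
========== FILES ==========
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
C:\Program Files (x86)\SearchProtect folder moved successfully.
"""

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Checked in order: the first pattern that matches decides the outcome label.
OUTCOMES = [
    ("pending_reboot", re.compile(
        r"^(?:File|Folder) move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value)|File|Folder) (?P<target>.+) not found\.$")),
    ("invalid_clsid", re.compile(r"^Invalid CLSID key: (?P<target>.+)$")),
    ("reset", re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$")),
    ("removed", re.compile(
        r"^(?P<target>.+?)(?: folder)? (?:moved|deleted|stopped) successfully[.!]$")),
]


def normalise_path(path):
    """Collapse the doubled backslashes OTL prints inside a path."""
    return re.sub(r"(?<=.)\\{2,}", r"\\", path)


def parse_fix_log(text):
    """Return one dict per log line: section, outcome label and target."""
    entries, section = [], "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, pattern in OUTCOMES:
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "outcome": outcome,
                                "target": match.group("target")})
                break
        else:
            # Anything unrecognised is kept so nothing is silently dropped.
            entries.append({"section": section, "outcome": "other", "target": line})
    return entries


def summarise(entries):
    """Count how many lines fell into each outcome."""
    return Counter(entry["outcome"] for entry in entries)


def pending_targets(entries):
    """Paths the tool could not move and deferred to the next reboot."""
    return [normalise_path(entry["target"]) for entry in entries
            if entry["outcome"] == "pending_reboot"]


def verify_after_reboot(entries, exists):
    """Return deferred paths that are still present.

    `exists` is supplied by the caller, e.g. os.path.exists when run on the
    cleaned machine after it has restarted.
    """
    return [path for path in pending_targets(entries) if exists(path)]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for outcome, count in summarise(parsed).most_common():
        print(f"{outcome:15} {count}")
    print("Re-check after reboot:")
    for path in pending_targets(parsed):
        print("  " + path)
```

The `pending_reboot` entries are the ones worth re-checking in the follow-up scan, since the log only records that the move was deferred, not that it later succeeded.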

#4
crayolaplaydoh

  • Topic Starter
  • Member
  • 33 posts

Hi! I couldn't get Security Check to work - it keeps saying "unauthorized system" or something.

Anyway, here are my logs!

  • MMDDYYYY_HHMMSS.log (OTL)

All processes killed
========== OTL ==========
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe moved successfully.
Service vToolbarUpdater18.0.5 stopped successfully!
Service vToolbarUpdater18.0.5 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe moved successfully.
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20F1AA9C-6BBA-443F-BE2F-F950BEB7CE68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20F1AA9C-6BBA-443F-BE2F-F950BEB7CE68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar deleted successfully.
File C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll not found.
Q:\AUTORUN.INF moved successfully.
C:\ProgramData\SNT folder moved successfully.
C:\Program Files (x86)\SNT folder moved successfully.
C:\ProgramData\SuperbApp\SW-Booster folder moved successfully.
C:\ProgramData\SuperbApp\Setup folder moved successfully.
C:\ProgramData\SuperbApp folder moved successfully.
C:\ProgramData\YoutubeAdblocker folder moved successfully.
C:\Program Files (x86)\YoutubeAdblocker folder moved successfully.
C:\ProgramData\saVE nnet folder moved successfully.
C:\Users\Nicolr\AppData\Local\Packages\windows_ie_ac_001\AC\{B4D7CEDF-C5EF-8CB4-AC04-97850E369EBB} folder moved successfully.
C:\Users\Nicolr\AppData\Local\Packages\windows_ie_ac_001\AC\{4F9FC285-5ED7-09CC-8E9A-52EDD90871EF} folder moved successfully.
C:\Users\Nicolr\AppData\Local\Packages\windows_ie_ac_001\AC\{37FB2B29-CF52-2D09-5E28-CD6EEEA3F65A} folder moved successfully.
C:\Users\Nicolr\AppData\Local\Packages\windows_ie_ac_001\AC folder moved successfully.
C:\Users\Nicolr\AppData\Local\Packages\windows_ie_ac_001 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Packages folder moved successfully.
C:\Program Files (x86)\saVE nnet folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\knephmecmbfppebmacknjpclhhlkbame\5.14 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\knephmecmbfppebmacknjpclhhlkbame folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\gebeenmijmmahjbnjebolmghokhgmhij\1.0 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\gebeenmijmmahjbnjebolmghokhgmhij folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\fmdkodoaeocimcaenfoaomicbeiaiohh\2.1 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\fmdkodoaeocimcaenfoaomicbeiaiohh folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\184 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default\Extensions folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data\Default folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch\User Data folder moved successfully.
C:\Users\Nicolr\AppData\Local\Torch folder moved successfully.
C:\ProgramData\43403b4d6ad3d26b folder moved successfully.
C:\Users\Nicolr\AppData\Local\{7CF1321E-5E73-463E-9004-5F72AF2838B5} folder moved successfully.
C:\Users\Nicolr\AppData\Local\{A5486EAA-A390-4358-A67F-D8C47097F42B} folder moved successfully.
C:\Users\Nicolr\AppData\Local\{348C867A-448E-4D75-9234-6C4811196B9C} folder moved successfully.
C:\ProgramData\AVG Secure Search\Logger folder moved successfully.
C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292 folder moved successfully.
C:\ProgramData\AVG Secure Search\ChromeExt folder moved successfully.
C:\ProgramData\AVG Secure Search folder moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
ADS C:\Users\Nicolr\Documents\IMG_0037.JPG:com.dropbox.attributes deleted successfully.
========== FILES ==========
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5 scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0 folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller\12.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
C:\Program Files (x86)\SearchProtect\Main\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\Logs folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knephmecmbfppebmacknjpclhhlkbame\5.14 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knephmecmbfppebmacknjpclhhlkbame folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebeenmijmmahjbnjebolmghokhgmhij\1.0 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebeenmijmmahjbnjebolmghokhgmhij folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdkodoaeocimcaenfoaomicbeiaiohh\2.1 folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdkodoaeocimcaenfoaomicbeiaiohh folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\PostInstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Licenses folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\EnableHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\EnableHelperRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\DSPDlg_IE folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Nation toolbar folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeGuardRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\zh_TW folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\zh_CN folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\tr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\sr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\sk folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\ru folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\pt_PT folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\pt_BR folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\pl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\nl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\ko folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\ja folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\it folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\id folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\hu folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\fr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\es_419 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\es folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\en folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\de folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\da folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\cs folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\lib folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\js folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\css folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\BundleInstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\18.0.5.292 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\18.0.0.248 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.3.0.49 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.2.0.38 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.1.2.1 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.0.1.12 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.0.0.9 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.5.0.2 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.4.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.3.0.11 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.2.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\14.2.0.1 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\14.1.0.10 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\14.0.2.14 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\zh_TW folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\zh_CN folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\tr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\sr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\sk folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\ru folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\pt_PT folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\pt_BR folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\pl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\nl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\ko folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\ja folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\it folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\id folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\hu folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\fr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\es_419 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\es folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\en folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\de folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\da folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\cs folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\lib folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\js folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\css folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.0.5\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.0.5\Chrome\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.0.5\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: HomeGroupUser$
 
User: Nicolr
->Temp folder emptied: 5633609074 bytes
->Temporary Internet Files folder emptied: 465081984 bytes
->Google Chrome cache emptied: 246373093 bytes
->Flash cache emptied: 76476 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1433446705 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321438 bytes
RecycleBin emptied: 5659626 bytes
 
Total Files Cleaned = 7,464.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04162014_124015
 
Files\Folders moved on Reboot...
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll not found!
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
File\Folder C:\Users\Nicolr\AppData\Local\Temp\OICE_D0A158A1-7000-421B-AB23-0CDB05B8996B.0\361E953B. not found!
File\Folder C:\Users\Nicolr\AppData\Local\Temp\OICE_C477FDE6-65BE-47BA-8A84-2906E1C11EC3.0\9CBE14D9. not found!
File\Folder C:\Users\Nicolr\AppData\Local\Temp\OICE_386A0E27-4D58-4DBF-95FE-BCED34BE0D39.0\3E1CBD8C. not found!
File\Folder C:\Users\Nicolr\AppData\Local\Temp\hsperfdata_Nicolr\10064 not found!
C:\Users\Nicolr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nicolr\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
  • Extras.txt (OTL)

OTL Extras logfile created on: 4/16/2014 7:25:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicolr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 28.38% Memory free
7.77 Gb Paging File | 2.96 Gb Available in Paging File | 38.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.00 Gb Total Space | 203.23 Gb Free Space | 72.32% Space Free | Partition Type: NTFS
Drive Q: | 15.62 Gb Total Space | 6.19 Gb Free Space | 39.58% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE | User Name: Nicolr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3770062543-4082428275-1447757351-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03830E20-5F4F-4B19-B9FE-50F069A0D4F7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{05F0AB5A-E634-425B-A46B-4E35F947FA74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0936B93C-AACB-4C07-82D7-3183A33B02CC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0B405126-17A8-4260-B9B8-4EDE6EB8012F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0B7803FE-72E3-4483-A6DD-29D6AC970D48}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0F649907-DD43-4821-9D44-79F566999336}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1981E24B-C189-4899-866A-F8D020648F4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3B1C04DF-0213-4A25-B10C-5158FA125A1C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4246B76C-BD10-42C6-A592-27CD62A67D5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EE67C14-48D3-4DBB-AB73-FA095D018ED5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63E85BDC-9AF0-44B9-8FEB-AE224C1DE846}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6D7067D0-1F72-4870-9F9B-B88BE3C69F5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{73A79774-E2C2-4871-BF57-A20778C7C1CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7F5651DA-8362-458C-9C08-B7C47A3F8187}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A3B40CA-FE3C-4BC1-91AF-82268D152765}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8EE2FCDC-23E0-4E51-A325-CF45E73FCACC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9DB5044E-EF1F-4A40-AC41-755553A5998D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A7CD789D-BA63-4887-B838-2845B6B9A77A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C65290D7-46B8-43F9-B601-C7FF1FFAE8EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DBC00590-DE02-4C52-9ADD-CDD34ABDD12B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD04A81A-6F24-4019-B563-402D9A164109}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F317641F-23CC-4D09-B5D8-0A4036117E03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{F5FE9AE7-D76B-4C59-8BB7-010FBDD29252}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FAB05892-E320-45BE-99D1-F400A875FFAE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A96444-284B-430A-8FAF-F4C8E306DEA0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{075BDD10-484B-406B-ADEE-A92501500666}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{175A0046-1FCF-41FB-A0C5-B37E3497A2EC}" = protocol=58 | dir=out | [email protected],-28546 | 
"{18B6A4D4-49AB-4D49-855C-6DF8A7D3E8E4}" = protocol=17 | dir=in | app=c:\users\nicolr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{27EB3AC2-581E-4837-8D12-B8747FBAFDCC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2B459A99-6D0C-46C8-86C5-A55BD6560BBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2E49803E-5425-4FCA-ACC9-81CCAE5175A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{470FFB76-F258-4E1F-BA72-A2C1827B9224}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{481CB9FA-92BE-48AD-8B3A-BD9AA4A83152}" = protocol=1 | dir=out | [email protected],-28544 | 
"{55CF2EAC-B8A0-4B2E-B00A-3FB50186CBB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5754E38F-E592-4839-9D7B-782124006604}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{577AF06E-DFE2-47EA-B74B-6DA03228660C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{5B14A651-36CF-4744-8AD0-A3C8047B9D42}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6006B87F-95C3-42E8-BF15-A98FCBD3B9DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64A6FDF1-B02A-4E36-A065-B569197E64B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6EDB1509-2814-4FAC-AD6D-5E98C4D4695E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{749C1997-7C23-4ED8-B68E-2FF63C386373}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7D1FA599-C8D9-44F4-8719-FEBC0F5C94D0}" = protocol=6 | dir=in | app=c:\users\nicolr\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{831FDDFC-8C0F-4D19-BB85-7172C93C8EF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83A36B99-3AC8-46B3-B0B4-C84B66685A17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{86E8201F-E93E-4032-8122-BCED9A9E0E09}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe | 
"{879A4BC1-B0F2-4DA8-90F3-E6FB03980578}" = protocol=58 | dir=in | [email protected],-28545 | 
"{87BB10EF-EBC7-4321-A82A-4E850DDD0A79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{961755C7-F79A-495D-9E94-88360395634F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A049A23A-0DA3-4F2F-A943-47B71B364212}" = protocol=6 | dir=in | app=c:\users\nicolr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A0A0E097-5C9D-47D7-B2BD-C055434EFDEE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A2EA3B36-4F11-45A9-A061-532ADC101FE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B493B74E-F213-4273-A8D4-94903FCB2105}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B55D88D5-2B78-4C61-821B-76CD7386B35B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF51C03E-CD10-4869-94DA-816B7E70620D}" = protocol=6 | dir=out | app=system | 
"{D2CF21AD-F634-4C6E-B64F-1CF1F85A22BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6B73ACA-F6EC-4434-8CDF-05E3830B007A}" = protocol=17 | dir=in | app=c:\users\nicolr\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D7D00E49-74F2-4B90-9626-70BF32B80776}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DE059E9F-F81E-40AA-90C9-8A30351C898C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9CB346D-D903-4DD0-93A6-34253D43CF90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EACBEA2B-B51A-4551-B305-702C09E467A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F370DB73-DE8F-4E6A-A144-CE29D24BE51B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD1D396B-174E-4F7A-B7DE-6D13E9FC0BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{07346A29-1B27-41EB-8AE3-0CF33E0E3A35}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"TCP Query User{2DC03C9F-7712-4832-BAD7-E18ECCE61BB9}C:\users\nicolr\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nicolr\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5948A6D7-E721-42B3-B12F-D5D4663CC797}C:\users\nicolr\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nicolr\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B2FDDBEA-FD64-45D4-A907-ADAFD5C4D046}C:\users\nicolr\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nicolr\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{79DC6D9A-3261-445F-9BBC-888199AFC26C}C:\users\nicolr\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nicolr\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{A41E9AE7-0F52-404B-9BFD-B5E022F8EA87}C:\users\nicolr\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nicolr\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{AD958855-2048-4B18-BF14-0B5D5C905C11}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"UDP Query User{E66989F3-A3EE-4982-B6A1-F088945A24B6}C:\users\nicolr\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nicolr\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{828CE72E-718B-4FDC-A469-8DE674CE8C4D}" = Lenovo Solution Center
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C9911EE5-6A0A-4050-BEBF-767710B7CDBF}" = IBM SPSS Modeler 15.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D01A7EE241898C810674C69EB908D655D149BE77" = Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00)
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.8.2
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Level Quality Watcher" = SavingsBull
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66DEE6A2-9006-4772-9684-3196D499D8BC}" = Free Webcam Recorder
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE50E343-45DA-4AFD-8877-1AA7DCF5510A}" = ForecastX Wizard 7.5 Student Edition
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B4AAD3B7-13EA-4CEA-B493-6B38DA8E8405}" = Frontline Excel Solvers 2014
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 2.0.2
"Free RAR Extract Frog" = Free RAR Extract Frog
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Standard)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Lenovo Welcome_is1" = Lenovo Welcome
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pharos" = Pharos
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3770062543-4082428275-1447757351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/16/2014 7:33:22 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6364
 
Error - 4/16/2014 7:33:23 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/16/2014 7:33:23 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7363
 
Error - 4/16/2014 7:33:23 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7363
 
Error - 4/16/2014 7:33:25 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/16/2014 7:33:25 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8814
 
Error - 4/16/2014 7:33:25 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8814
 
Error - 4/16/2014 7:33:26 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/16/2014 7:33:26 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9906
 
Error - 4/16/2014 7:33:26 PM | Computer Name = Nicole | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9906
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 2/3/2014 12:10:20 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 2/6/2014 7:10:28 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 2/6/2014 7:10:28 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 2/6/2014 7:10:28 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 3/4/2014 10:06:22 AM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 3/4/2014 10:06:22 AM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 3/4/2014 10:06:22 AM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 4/16/2014 1:11:21 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 4/16/2014 1:11:21 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
Error - 4/16/2014 1:11:21 PM | Computer Name = Nicole | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
 is known
 
[ System Events ]
Error - 4/16/2014 2:53:16 PM | Computer Name = Nicole | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 0.0.0.0 with
 the system  having network hardware address 7C-95-F3-19-1E-83. Network operations
 on this system may  be disrupted as a result.
 
Error - 4/16/2014 2:57:27 PM | Computer Name = Nicole | Source = DCOM | ID = 10010
Description = 
 
Error - 4/16/2014 2:57:27 PM | Computer Name = Nicole | Source = DCOM | ID = 10010
Description = 
 
Error - 4/16/2014 2:57:18 PM | Computer Name = Nicole | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SUService service.
 
 
< End of report >

OTL logfile created on: 4/16/2014 7:25:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicolr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 28.38% Memory free
7.77 Gb Paging File | 2.96 Gb Available in Paging File | 38.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.00 Gb Total Space | 203.23 Gb Free Space | 72.32% Space Free | Partition Type: NTFS
Drive Q: | 15.62 Gb Total Space | 6.19 Gb Free Space | 39.58% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE | User Name: Nicolr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 08:07:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolr\Desktop\OTL.exe
PRC - [2014/04/11 06:25:07 | 006,087,224 | ---- | M] (Spotify Ltd) -- C:\Users\Nicolr\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/04/11 06:24:59 | 001,171,000 | ---- | M] (Spotify Ltd) -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/04/11 06:24:56 | 000,602,680 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/04/01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/26 14:21:11 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/14 00:23:22 | 000,064,384 | ---- | M] (Google) -- C:\Users\Nicolr\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/02/21 15:56:14 | 000,202,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/01 10:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/10/05 11:28:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Nicolr\AppData\Local\Apps\2.0\YDJ5LN1G.7N9\1GQZWY81.T8N\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2011/12/22 01:08:12 | 001,528,120 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
PRC - [2011/12/21 03:25:02 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2011/11/04 02:37:18 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/09/01 22:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2011/08/31 14:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/07/26 02:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 04:17:06 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/06/30 01:07:30 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/05/31 13:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/05/31 13:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/05/31 13:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/05/25 17:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/03/14 07:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/16 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/22 22:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2010/12/18 18:50:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/16 13:35:49 | 000,041,984 | ---- | M] () -- c:\users\nicolr\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppfk8x3.dll
MOD - [2014/04/11 06:25:02 | 036,966,968 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/04/11 06:24:59 | 000,886,840 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\libglesv2.dll
MOD - [2014/04/11 06:24:59 | 000,108,600 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\libegl.dll
MOD - [2014/04/11 06:24:56 | 000,602,680 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/03/01 04:15:16 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/03/01 04:13:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/03/01 04:12:18 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/03/01 04:12:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/03/01 04:12:12 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/03/01 04:08:14 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/03/01 04:07:49 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/01 04:07:49 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/03/01 04:07:44 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/03/01 04:07:39 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/03/01 04:07:26 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/01 04:07:22 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/01 04:07:21 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/03/01 04:07:20 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/03/01 04:07:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/03/01 04:07:10 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/03/01 04:07:08 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/03/01 04:07:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/01 04:06:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2014/03/01 04:06:54 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/21 15:55:36 | 007,422,144 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2014/02/21 15:55:36 | 000,192,704 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2014/02/21 15:55:34 | 001,269,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2014/02/21 15:55:34 | 000,794,816 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2014/02/21 15:55:32 | 002,453,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2014/02/21 15:55:32 | 002,126,016 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2014/01/02 21:09:27 | 003,610,624 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 08:04:34 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/06 12:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 12:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/28 00:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 23:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/07/08 20:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011/05/31 13:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/05/31 13:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/02/01 01:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/01/13 17:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/18 18:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/16 19:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/21 15:56:14 | 000,202,080 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/01 22:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2011/08/31 14:03:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/08/31 14:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/08/31 14:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/07/26 02:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/06/30 01:07:30 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/03/14 07:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/01/16 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/16 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/22 22:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/13 00:25:46 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2012/07/13 00:05:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/13 00:05:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/31 14:03:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/08/31 14:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/08/17 21:00:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/17 21:00:36 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/03 20:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/08 20:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2011/05/25 20:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/05/19 08:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/04 21:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/02/09 01:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/01 01:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011/01/13 17:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 17:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/20 12:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/18 03:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 03:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 03:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 03:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 03:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 16:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicolr\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicolr\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/07/13 00:30:44 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nicolr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Add Tasks to Do It Tomorrow = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\184\
CHR - Extension: AdBlock = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: MySearchDial New Tab = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa\9.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/04/16 12:45:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000..\Run: [GoogleChromeAutoLaunch_4D5523C6FD6A31B0B8676336A9D4CF48] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000..\Run: [Spotify] C:\Users\Nicolr\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3770062543-4082428275-1447757351-1000..\Run: [Spotify Web Helper] C:\Users\Nicolr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\Nicolr\AppData\Local\Apps\2.0\YDJ5LN1G.7N9\1GQZWY81.T8N\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O4 - Startup: C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nicolr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.205.160.99 129.74.250.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38934B2B-5D49-4268-9A15-3EC55B716F90}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E1575-E65D-4060-AF0D-6656C7598758}: DhcpNameServer = 66.205.160.99 129.74.250.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6554F330-41F8-4174-8A7A-07197B6382ED}: DhcpNameServer = 172.168.12.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{507c90c6-cca0-11e1-8543-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{507c90c6-cca0-11e1-8543-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/16 13:39:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/16 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2014/04/16 13:31:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/16 13:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/04/16 13:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/04/16 13:29:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/16 13:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/04/16 13:22:45 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\IsolatedStorage
[2014/04/16 13:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/16 12:40:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/16 08:07:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolr\Desktop\OTL.exe
[2014/04/15 07:26:29 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Local\Comodo
[2014/04/15 07:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/04/11 11:41:28 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/11 11:41:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/11 11:41:26 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/11 11:41:21 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/11 11:41:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/11 11:41:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/11 11:41:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/11 11:41:19 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/11 11:41:19 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/11 11:41:19 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/11 11:41:19 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/11 11:41:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/11 11:41:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/11 11:41:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/11 11:41:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/11 11:41:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/11 11:41:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/11 11:41:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/11 11:41:18 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/11 11:41:16 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/11 11:41:16 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/11 11:41:16 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/11 11:41:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/11 11:41:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/11 11:41:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/11 11:41:14 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/11 11:41:12 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/11 11:41:11 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/11 11:41:09 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/09 20:20:16 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/09 20:20:16 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/09 20:20:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/09 20:20:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/09 20:20:14 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 20:20:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 20:20:14 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 20:20:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 20:20:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 20:20:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 20:20:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 20:20:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 20:20:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 20:20:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/03/30 16:41:08 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Roaming\DropboxMaster
[2014/03/27 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\Desktop\Winter 2013-14 Pictures Asia
[2014/03/25 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2014/03/19 08:52:33 | 000,000,000 | ---D | C] -- C:\Users\Nicolr\AppData\Roaming\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/16 19:40:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/16 19:11:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3770062543-4082428275-1447757351-1000UA.job
[2014/04/16 19:10:18 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 13:42:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 13:42:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 13:39:46 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/16 13:39:46 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/16 13:39:46 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/16 13:36:26 | 000,003,098 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2014/04/16 13:34:39 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/16 13:33:57 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/16 13:31:11 | 000,001,088 | ---- | M] () -- C:\Users\Nicolr\Desktop\Kaspersky Security Scan.lnk
[2014/04/16 13:20:34 | 000,000,047 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\WB.CFG
[2014/04/16 13:16:02 | 000,358,193 | ---- | M] () -- C:\Users\Nicolr\AppData\Local\speedial.crx
[2014/04/16 12:45:24 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/16 12:14:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3770062543-4082428275-1447757351-1000Core.job
[2014/04/16 08:07:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolr\Desktop\OTL.exe
[2014/04/07 12:16:05 | 000,154,025 | ---- | M] () -- C:\Users\Nicolr\Desktop\Delta Receipt.pdf
[2014/04/07 12:15:42 | 000,146,321 | ---- | M] () -- C:\Users\Nicolr\Desktop\Holiday Inn Receipt.pdf
[2014/03/30 16:41:14 | 000,001,060 | ---- | M] () -- C:\Users\Nicolr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/03/30 16:40:41 | 000,001,030 | ---- | M] () -- C:\Users\Nicolr\Desktop\Dropbox.lnk
[2014/03/28 03:03:11 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/26 12:23:52 | 016,892,655 | ---- | M] () -- C:\Users\Nicolr\Desktop\all star valiant.wmv
[2014/03/26 12:02:49 | 000,011,820 | ---- | M] () -- C:\Users\Nicolr\AppData\Local\recently-used.xbel
[2014/03/25 18:03:38 | 002,359,091 | ---- | M] () -- C:\Users\Nicolr\Documents\all star-smashmouth - smashmouth edit.mp3
[2014/03/25 15:00:17 | 000,010,817 | -HS- | M] () -- C:\Users\Nicolr\Documents\Folder.jpg
[2014/03/25 15:00:17 | 000,010,817 | -HS- | M] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Large.jpg
[2014/03/25 15:00:16 | 000,002,598 | -HS- | M] () -- C:\Users\Nicolr\Documents\AlbumArtSmall.jpg
[2014/03/25 15:00:16 | 000,002,598 | -HS- | M] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Small.jpg
[2014/03/24 06:04:09 | 001,366,798 | ---- | M] () -- C:\Users\Nicolr\Desktop\Scientific_AmericanSept2005.pdf
[2014/03/24 06:04:03 | 000,044,527 | ---- | M] () -- C:\Users\Nicolr\Desktop\Rethinking+Development+Assistance_David+Ellerman_World+Bank.pdf
[2014/03/24 06:03:59 | 001,252,407 | ---- | M] () -- C:\Users\Nicolr\Desktop\Planners+Versus+Searchers.PDF
[2014/03/24 06:03:55 | 000,212,563 | ---- | M] () -- C:\Users\Nicolr\Desktop\Income+is+Development.pdf
[2014/03/19 07:32:17 | 000,506,021 | ---- | M] () -- C:\Users\Nicolr\Desktop\2007SP_feature_martinosberg.pdf
[2014/03/19 07:32:13 | 000,538,146 | ---- | M] () -- C:\Users\Nicolr\Desktop\2008FA_feature_phills_deiglmeier_miller.pdf
[2014/03/19 07:32:10 | 000,909,432 | ---- | M] () -- C:\Users\Nicolr\Desktop\2010SP_FirstPerson_All_Entrepreneurship_is_Social.pdf
 
========== Files Created - No Company Name ==========
 
[2014/04/16 13:31:20 | 000,001,088 | ---- | C] () -- C:\Users\Nicolr\Desktop\Kaspersky Security Scan.lnk
[2014/04/16 13:20:34 | 000,000,047 | ---- | C] () -- C:\Users\Nicolr\AppData\Roaming\WB.CFG
[2014/04/16 13:16:03 | 000,358,193 | ---- | C] () -- C:\Users\Nicolr\AppData\Local\speedial.crx
[2014/04/07 12:16:05 | 000,154,025 | ---- | C] () -- C:\Users\Nicolr\Desktop\Delta Receipt.pdf
[2014/04/07 12:15:42 | 000,146,321 | ---- | C] () -- C:\Users\Nicolr\Desktop\Holiday Inn Receipt.pdf
[2014/03/26 12:23:12 | 016,892,655 | ---- | C] () -- C:\Users\Nicolr\Desktop\all star valiant.wmv
[2014/03/26 12:02:49 | 000,011,820 | ---- | C] () -- C:\Users\Nicolr\AppData\Local\recently-used.xbel
[2014/03/25 15:00:43 | 000,010,817 | -HS- | C] () -- C:\Users\Nicolr\Documents\Folder.jpg
[2014/03/25 15:00:43 | 000,010,817 | -HS- | C] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Large.jpg
[2014/03/25 15:00:43 | 000,002,598 | -HS- | C] () -- C:\Users\Nicolr\Documents\AlbumArtSmall.jpg
[2014/03/25 15:00:43 | 000,002,598 | -HS- | C] () -- C:\Users\Nicolr\Documents\AlbumArt_{EB3FC20A-D36D-4607-80DD-59CEB3D7383A}_Small.jpg
[2014/03/25 14:59:45 | 002,359,091 | ---- | C] () -- C:\Users\Nicolr\Documents\all star-smashmouth - smashmouth edit.mp3
[2014/03/24 06:04:07 | 001,366,798 | ---- | C] () -- C:\Users\Nicolr\Desktop\Scientific_AmericanSept2005.pdf
[2014/03/24 06:04:01 | 000,044,527 | ---- | C] () -- C:\Users\Nicolr\Desktop\Rethinking+Development+Assistance_David+Ellerman_World+Bank.pdf
[2014/03/24 06:03:57 | 001,252,407 | ---- | C] () -- C:\Users\Nicolr\Desktop\Planners+Versus+Searchers.PDF
[2014/03/24 06:03:49 | 000,212,563 | ---- | C] () -- C:\Users\Nicolr\Desktop\Income+is+Development.pdf
[2014/03/19 07:32:17 | 000,506,021 | ---- | C] () -- C:\Users\Nicolr\Desktop\2007SP_feature_martinosberg.pdf
[2014/03/19 07:32:13 | 000,538,146 | ---- | C] () -- C:\Users\Nicolr\Desktop\2008FA_feature_phills_deiglmeier_miller.pdf
[2014/03/19 07:32:07 | 000,909,432 | ---- | C] () -- C:\Users\Nicolr\Desktop\2010SP_FirstPerson_All_Entrepreneurship_is_Social.pdf
[2013/02/07 04:05:48 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2013/02/07 04:05:48 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/10/10 20:32:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/20 03:36:24 | 000,004,096 | -H-- | C] () -- C:\Users\Nicolr\AppData\Local\keyfile3.drm
[2012/07/25 12:40:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/20 10:16:00 | 000,000,000 | ---- | C] () -- C:\Users\Nicolr\AppData\Local\{95984A11-5C56-4FDC-B40B-C5202741B8F3}
[2012/07/19 23:21:14 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/13 00:20:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/07/13 00:20:34 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/07/13 00:20:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/07/13 00:20:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/13 00:20:33 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/07/12 23:56:41 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/27 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Amazon
[2014/03/26 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Audacity
[2014/04/16 13:36:57 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Dropbox
[2014/03/30 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\DropboxMaster
[2014/03/04 07:39:30 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Free Picture Solutions
[2013/04/18 08:13:59 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\IBM
[2012/07/20 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Leadertech
[2012/08/28 08:12:05 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Lenovo
[2014/02/02 11:29:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\McGraw-HillLicensing
[2012/09/24 03:46:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\OpenOffice.org
[2013/10/13 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\OverDrive
[2014/03/04 07:36:42 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Paltalk
[2013/01/27 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Philipp Winterberg
[2012/07/20 10:16:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\PwrMgr
[2012/07/25 12:30:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\SoftGrid Client
[2014/04/16 19:50:09 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Spotify
[2013/02/19 08:12:03 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\SPSSInc
[2012/07/19 23:22:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\TP
[2012/08/29 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nicolr\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 
 
< End of report >
 
  • AdwCleaner[S*].txt (AdwCleaner)

# AdwCleaner v3.023 - Report created 16/04/2014 at 13:32:50
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nicolr - NICOLE
# Running from : C:\Users\Nicolr\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\SavingsBull
Folder Deleted : C:\Users\Nicolr\AppData\Local\apn
Folder Deleted : C:\Users\Nicolr\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Nicolr\AppData\Local\Conduit
Folder Deleted : C:\Users\Nicolr\AppData\Local\PackageAware
Folder Deleted : C:\Users\Nicolr\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Nicolr\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Nicolr\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nicolr\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Nicolr\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Nicolr\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Nicolr\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Nicolr\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3285873
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [12015 octets] - [16/04/2014 13:31:17]
AdwCleaner[S0].txt - [10552 octets] - [16/04/2014 13:32:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10613 octets] ##########
 
  • checkup.txt (SecurityCheck)

<can't get it>

  • JRT.txt (Junkware Removal Tool)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nicolr on Wed 04/16/2014 at 13:40:00.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{013D826D-915B-4199-920D-5C157361ED1C}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{09394774-B4DE-457B-8112-542B082A1E1F}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{0E6BB9D4-BF78-4340-98B9-3EF8CE098BBF}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{1476241A-68C7-4861-A7CB-50E87C7EF6E8}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{16FC24DE-1758-4172-94C9-4D242BB28331}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{1AC2B534-CE2C-4B6D-A559-C8B8858B01C3}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{1C00B7EF-022F-4A30-904C-3125A4498312}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{1D524648-4F39-494E-BAB2-D27F93E1CB44}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{41A4EDE7-A1DD-41C6-B1AC-22501EE445B8}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{5BFD76A8-7E55-4C13-A052-B627D91CBAEF}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{70381060-FA24-4BED-B0F3-5D28954571ED}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{79A84B98-8DDB-4AF1-85C0-C2D4AAFD3D17}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{7D2D8F8F-144F-42B9-9EC3-66EA96A6E001}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{814A66EE-CED4-4196-A93B-7B5C6635F35E}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{846A4319-F7F8-45E6-A34F-93DA27031DCF}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{8776D025-BBDC-435D-AC3C-2295B9E4A8AC}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{8F18B911-F584-442D-AB27-A1AD4970FD87}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{93A1A502-5DA3-4F12-81F0-1F3C0C710D97}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{98143E07-0A70-4C85-A681-DB45F20BECD4}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{9ADE9B54-C6DF-41D9-8A7C-56D4945F5E79}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{9D0F81DC-F3CB-4E71-9940-DA13201D7D3C}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{9E371F26-D111-490E-AE39-965340D721F5}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{A0511574-28D4-4B85-A873-16BF0A00EB7A}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{AD370760-66B9-4AC0-BB96-CAA6FC2BF76D}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{BE31CA9C-0525-4715-8E3D-A51A95045031}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{C078CFDD-3A67-45A0-9E40-4C374732CA5D}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{D7561F1D-E585-443D-80DE-2AA432062CBC}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{EC2CF6A9-041D-40B3-80E2-BBF495B61996}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{F213E66C-6E1E-4B11-9715-FA6EB0791421}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{F48ECC5A-56D8-440A-89FA-4EA1F463AB90}
Successfully deleted: [Empty Folder] C:\Users\Nicolr\appdata\local\{FCF8CF41-E0B5-4B09-A27C-05A8BFABFB74}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 14:00:08.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Hi! I couldn't get Security Check to work - it keeps saying "unauthorized system" or something.


Thanks for the logs! :) While I am getting my fix approved, can you perform a reboot and try SecurityCheck again? It sometimes quirks, you see.

Edited by Pyxis, 17 April 2014 - 10:45 AM.

#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Before we proceed to the next steps, I'd like to address a few things:
  • I'd like to ask you to uninstall Kaspersky Security Scan. It is a good program but I do not recommend having it run every time your computer boots as it uses resources unnecessarily.
  • Did you knowingly install the Google Chrome add-on called Add Tasks to Do It Tomorrow?
  • How is your computer running?
Feel free to proceed once you have completed or answered the above. :)
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

    • Copy and paste the following into the Custom Scans/Fixes box:
      :OTL
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SR
      [2014/04/16 13:16:03 | 000,358,193 | ---- | C] () -- C:\Users\Nicolr\AppData\Local\speedial.crx
      
      :Files
      C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa\
    • Click Run Fix.
    • After, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [screenshot: ESET Online Scan settings]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
    • Select Uninstall application on close and click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, ensure a check mark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, select Update Now, then click Scan Now.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • log.txt (ESET Online Scan)
    • mbam-log-*.txt (Malwarebytes' Anti-Malware)

#7
crayolaplaydoh

    Member

  • Topic Starter
  • 33 posts

Hey...Sorry it's taking so long. But ESET has been running for a while and is still not done!


#8
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
That's fine! It does quite a thorough scan so we just really have to bear with it.  :laughing:

#9
crayolaplaydoh

    Member

  • Topic Starter
  • 33 posts

Hey...it seems like it's stalled at 44% scanned. Should I just let it continue for a bit longer? Or is that okay? Because...it doesn't seem to be moving anywhere!


#10
crayolaplaydoh

    Member

  • Topic Starter
  • 33 posts

Hi! It finally finished!

So, to answer your questions, my computer is already running better!

Also...I didn't intentionally download Kaspersky OR Add Tasks to do it Tomorrow add-on. At least...not that I can remember.

Here's the Security Check log:

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe 
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
  • MMDDYYYY_HHMMSS.log (OTL)

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\Nicolr\AppData\Local\speedial.crx moved successfully.
========== FILES ==========
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa\9.4.10_0\_locales\tr folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa\9.4.10_0\_locales\ru folder moved successfully.
C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa\9.4.10_0\_locales\pt_BR folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 04182014_152049
 
 
 
 
 
 
  • log.txt (ESET Online Scan)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0ae191991c5230428cdb743c61eca9e4
# engine=17949
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-19 10:27:08
# local_time=2014-04-19 06:27:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 23411380 149489878 0 0
# scanned=59713
# found=14
# cleaned=0
# scan_time=10999
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=19C57157C2E9B58037A7D2BCA4909CBF125E9A23 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{729E30F2-97C1-49E5-AB0E-DFE3A97D1204}\Custom.dll"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\temp\t.msi"
sh=19C57157C2E9B58037A7D2BCA4909CBF125E9A23 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{729E30F2-97C1-49E5-AB0E-DFE3A97D1204}\Custom.dll"
sh=4024A2AF15DA8BC773F44B0351A9D866B7B99EA0 ft=1 fh=ef6cd578a7a3322a vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Nicolr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A40BMDBT\WeatherBugSetup[1].exe"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats" ac=I fn="C:\Users\Nicolr\AppData\Local\Temp\{B49F1099-F62C-4105-9A72-DC1D41953B11}\setup.exe"
sh=DBAF0C0FDA97C524E22E680D8214F7D2B8881CE5 ft=1 fh=96600590cf2e1fd9 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Nicolr\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Nicolr\Downloads\cbsidlm-cbsi183-Download_App-PBF-75864009.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Nicolr\Downloads\cbsidlm-cbsi183-Free_Webcam_Recorder-SEO-75984393.exe"
sh=85FD231DFF0A97F70361AA2413861EDC5D0B8BFD ft=1 fh=6e634a93cb0ae455 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Nicolr\Downloads\cbsidlm-cbsi5_3_0_93-Free_RAR_Extract_Frog-SEO-10804840.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Nicolr\Downloads\cbsidlm-tr1_13-Ailt_JPG_JP2_J2K_PCX_to_PDF_Converter-SEO-75547504.exe"
sh=C30AF357942F7E123CA20C3B9DB978702E688196 ft=1 fh=491751e786609081 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Nicolr\Downloads\freeeditor_1787.exe"
sh=EE53296BAB64E381B7F6276F9E39FB4FD3402130 ft=1 fh=4896e614503bbce9 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Users\Nicolr\Downloads\FreeFileOpener_Setup.exe"
sh=952FA60B07E6352A2D08F143846ADCFDD15CBC13 ft=1 fh=b346b098e82b065b vn="a variant of Win32/InstallCore.LW potentially unwanted application" ac=I fn="C:\Users\Nicolr\Downloads\setup (1).exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0ae191991c5230428cdb743c61eca9e4
# engine=17958
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-21 09:44:16
# local_time=2014-04-21 05:44:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 23581608 149660106 0 0
# scanned=152242
# found=17
# cleaned=16
# scan_time=83721
sh=19C57157C2E9B58037A7D2BCA4909CBF125E9A23 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{729E30F2-97C1-49E5-AB0E-DFE3A97D1204}\Custom.dll"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=19C57157C2E9B58037A7D2BCA4909CBF125E9A23 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\ProgramData\InstallMate\{729E30F2-97C1-49E5-AB0E-DFE3A97D1204}\Custom.dll"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application (deleted - quarantined)" ac=C fn="C:\temp\t.msi"
sh=4024A2AF15DA8BC773F44B0351A9D866B7B99EA0 ft=1 fh=ef6cd578a7a3322a vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A40BMDBT\WeatherBugSetup[1].exe"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nicolr\AppData\Local\Temp\{B49F1099-F62C-4105-9A72-DC1D41953B11}\setup.exe"
sh=DBAF0C0FDA97C524E22E680D8214F7D2B8881CE5 ft=1 fh=96600590cf2e1fd9 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\cbsidlm-cbsi183-Download_App-PBF-75864009.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\cbsidlm-cbsi183-Free_Webcam_Recorder-SEO-75984393.exe"
sh=85FD231DFF0A97F70361AA2413861EDC5D0B8BFD ft=1 fh=6e634a93cb0ae455 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\cbsidlm-cbsi5_3_0_93-Free_RAR_Extract_Frog-SEO-10804840.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\cbsidlm-tr1_13-Ailt_JPG_JP2_J2K_PCX_to_PDF_Converter-SEO-75547504.exe"
sh=C30AF357942F7E123CA20C3B9DB978702E688196 ft=1 fh=491751e786609081 vn="a variant of Win32/InstallIQ.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\freeeditor_1787.exe"
sh=EE53296BAB64E381B7F6276F9E39FB4FD3402130 ft=1 fh=4896e614503bbce9 vn="a variant of Win32/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\FreeFileOpener_Setup.exe"
sh=952FA60B07E6352A2D08F143846ADCFDD15CBC13 ft=1 fh=b346b098e82b065b vn="a variant of Win32/InstallCore.LW potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nicolr\Downloads\setup (1).exe"
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\04162014_124015\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\04162014_124015\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe"
sh=D777A257C69DFEF8178802B0C1F761B10FA57CA9 ft=1 fh=40f9bf237edbd1c7 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\04162014_124015\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
 
 
 
 
 
  • mbam-log-*.txt (Malwarebytes' Anti-Malware)

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/21/2014
Scan Time: 7:54:04 PM
Logfile: malwarebytes anti-malware.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.21.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicolr
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276118
Time Elapsed: 14 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\iagcajndpnfncplednpbnkahadegklfa, Quarantined, [c5369c90c0bb38fee1644f1f758d46ba], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iagcajndpnfncplednpbnkahadegklfa, Quarantined, [8e6d0b21671444f2162f026c9072e41c], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3770062543-4082428275-1447757351-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\iagcajndpnfncplednpbnkahadegklfa, Quarantined, [e11ac16bf487d2642026abc334ced62a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.SolidSavings.A, C:\Users\Nicolr\AppData\Local\Solid Savings, Quarantined, [46b59993b3c8f93d622565ff7a8807f9], 
 
Files: 2
PUP.Optional.MySearchDial.A, C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage, Quarantined, [f00b8ca0186344f2cd76a3cb7e844bb5], 
PUP.Optional.MySearchDial.A, C:\Users\Nicolr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage-journal, Quarantined, [49b23fed2b501323df64d49a23df06fa], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thanks for the logs. We are close to finishing. :thumbsup:
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below. Note: Please untick any optional offers Adobe products might come with. Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.

Edited by Pyxis, 23 April 2014 - 10:21 AM.


#12
crayolaplaydoh

    Member

  • Topic Starter
  • Member
  • 33 posts

Updated!



#13
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are a few more steps you have to complete to ensure the good working condition of your system.

Remove Special Tools with OTL by OldTimer

Using this tool will remove all temporary and unnecessary files still in your computer after using the tools I asked you to run earlier.
  • Double-click OTL.exe to run it. For Windows Vista and Windows 7 users, please run it as an administrator.
    • As seen on the interface, click the CleanUp button.
    • You will be asked to reboot after. Please allow it to do so by clicking Yes on the next prompt.
Set a Clean Restore Point

Doing this will prevent you from a possible reinfection. You see, malicious files try to save a copy of themselves in the System Volume Information storage. The latter is a protected directory; the best way to get rid of these possible copies is to do the step below. Since your system is now clean, it is essential to set a clean and working backup.
  • Navigate to Start, right-click Computer and click Properties.
    • On the left, click System protection.
    • Click Create.... Input any title and press Create.
    • Once done, press Close > OK.
    • Click Start > All Programs > Accessories > System Tools.
    • Right-click on Disk Cleanup. Run it as an administrator.
    • If you have more than one drive, select your default one (C:). Otherwise, wait for its initialization to finish.
    • Check the following boxes (you may choose to add more):
      • Temporary Internet Files
      • Recycle Bin
      • Temporary Files
    • Navigate to the More Options tab.
    • Under System Restore and Shadow Copies, click Cleanup... > Delete > OK.
I will now proceed to giving you tips on how to maintain your system as it is. You can do the following as a routine to ensure that your system will work properly. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go. :)

Keep Your Computer Updated

Your current Windows operating system needs to install additional updates which are important, one of which is the Service Pack. The latter and other updates contain fixes and patches to prevent attackers from compromising your system. It is imperative that you keep your system up-to-date by obtaining free updates whenever they are available.
  • Install the latest Service Pack by going 'here'. If you already have, continually visit the official 'Microsoft Windows Update' site to keep your system up-to-date.
Update Java

One of the programs you use every day unknowingly is Java. It is necessary for a lot of applications; thus, you should make sure it is always up-to-date. Older versions may be prone to exploits and vulnerabilities.
  • Download the latest 'Java' installation and save it to your desktop.
    • You need to uninstall any previous Java installations.
      • For Windows XP: Navigate to Start > Control Panel > Add or Remove Programs.
      • For Windows Vista: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
      • For Windows 7: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
    • Search the list for previous installations of Java such as all versions below:
      • Java™ 7 Update 55
    • Proceed to uninstalling the old versions and install the one you've just downloaded.
Update Your Anti-Virus Every Day
  • Updating
Ensuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to it that the latest definition updates are distributed to be on par with the growing advancement and propagation of malware. Your anti-virus is useless if you do not update it.
  • Scanning
Set a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.

Surf Safe

Alongside your anti-virus and firewall, various programs such as SpywareBlaster can be obtained to help you avoid malicious sites. Don't worry as it poses no conflict to your current installation. Please find the download link in the program's name below. SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. Unlike other programs, it does not have to remain running in the background. It works alongside the programs you have to ensure safe surfing.
  • Just like your regular security programs, SpywareBlaster needs to be updated every day.
    • Open the program by clicking the icon.
    • Click Updates > Check For Updates.
    • If there happens to be an update, an Enable All Protection button will appear. Please click that button.
If you have any unresolved issues with regard to this thread or you need more :help: please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.

:cheers:

Thank you.

Edited by Pyxis, 26 April 2014 - 05:17 AM.


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.